id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses
8672 XML RPC method bug in 2.7 in wp_newComment() screamingtoaster josephscott "'''function wp_newComment($args) in xmlrpc.php has 2 problems with it.'''
1. If the userid/password doesn't exist in the system, then the user can't log in and an exception is raised. It seems that this was not the desired behavior, since the code following it checks to see if the user is logged in or not. Either the user can log in, or an exception is raised, and execution ceases. Note that this code block is never executed, since if the user doesn't exist, an exception is raised at the start of this method. Here's the code:
{{{
if ( !$this->login_pass_ok( $username, $password ) ) {
    $logged_in = false;
    if ( $allow_anon && get_option('comment_registration') )
        return new IXR_Error( 403, __( 'You must be registered to comment' ) );
    else if ( !$allow_anon )
        return $this->error;
} else {
    $logged_in = true;
    set_current_user( 0, $username );
    if ( !current_user_can( 'moderate_comments' ) )
        return new IXR_Error( 403, __( 'You are not allowed to moderate comments on this blog.' ) );
}
}}}
2. When trying to post a comment on behalf of a different user (than the one logging in), there are some bugs in the code. The $content_struct is checked for the existence of 'author' 3 times; it should be checking for 'author' and 'author_email' and 'author_url'. Here's the faulty code:
{{{
$comment['comment_author'] = '';
if ( isset($content_struct['author']) )
    $comment['comment_author'] = $content_struct['author'];
$comment['comment_author_email'] = '';
if ( isset($content_struct['author']) )
    $comment['comment_author_email'] = $content_struct['author_email'];
$comment['comment_author_url'] = '';
if ( isset($content_struct['author']) )
    $comment['comment_author_url'] = $content_struct['author_url'];
$comment['user_ID'] = 0;
}}}
" defect (bug) closed high 2.7.1 XML-RPC 2.7 critical fixed